<?php
session_start();
require_once( 'configs/config.php' );
require_once( 'lib/db.php' );

if( $_SERVER['REQUEST_METHOD'] == 'GET' )
{
	echo 'No post.';
	exit;
}

$formFields = array( 'Email', 'Password');

foreach( $formFields as $field )
{
	$form[ $field ] = htmlentities( trim( $_POST[ $field ] ), ENT_QUOTES );
	$form[ $field ] = $db->escape( $form[ $field ] );
}

$user = $db->get_row( 'SELECT UserUID, GroupUID FROM users WHERE Password = MD5(\'' . $form[ 'Password' ] . '\') AND Email = \'' . $form[ 'Email'] . '\'' );
//$db->debug();

if( $db->num_rows >= 0)
{
	$Level = $db->get_var( 'SELECT Level FROM usergroups WHERE GroupUID = \'' . $user->GroupUID . '\'' );
	$_SESSION[ 'UID' ] = $user->UserUID;
	$_SESSION[ 'Level' ] = $Level;

	header( 'Location: account.php' );
}
else
{
	header( 'Location: logout.php' );
}
?>